OSPF Professional Lab 1

Lesson Contents

NovaTech Pioneers, an innovative leader in digital technologies, is expanding with the acquisition of a new campus. You have been tasked with designing the network topology for this expansion, using OSPF as the chosen routing protocol on Cisco IOS routers. This project will form the backbone of the campus network infrastructure.

As you embark on this design, you will configure OSPF to meet the needs of the growing network. Your work will include:

Basic OSPF setups, advertising networks, adjusting costs, and implementing authentication and security measures.
Establishing OSPF neighbor adjacencies, fine-tuning router IDs, and managing DR/BDR elections along with hello and dead intervals.
Addressing the nuances of different network types.
Developing a multi-area OSPF topology, incorporating various stub configurations and virtual links.
Utilizing OSPFv3 to support a planned expansion using IPv6.
Advanced OSPF configurations, focusing on path preference, load balancing, and LSA filtering and distribute lists.

This lab is more than a simple exercise; it is a dynamic environment where theoretical knowledge is applied in practical scenarios. It’s designed to challenge you and enhance your understanding of OSPF’s role and its integration with diverse network components. Here, you will hone a comprehensive skill set and establish best practices essential for any network engineer.

Your expertise will propel NovaTech Pioneers into a new phase of growth. This is your opportunity to showcase your potential and build a network that is not only scalable and reliable but also foundational to the company’s ambitious objectives. With NovaTech Pioneers, your journey in shaping the future of networking begins.

This lab demands careful thought and patience. Take your time to explore and configure; if challenges arise, refer back to the lessons. This approach ensures you derive the maximum benefit from the lab, fostering a deep, engineer-focused understanding of networking rather than just following steps.

Topology

IPv4

Here is the topology for this lab:

Note that:

There are ten OSPF routers, nine of which will participate in OSPF.
There are two switches, SW1 and SW2.
There is a single host device, H1, in Area 2.
There is a single connection to the Internet made via R1.
There are four OSPF Areas: 0, 2, 3, and 51.
There is a discontiguous backbone Area 0.

IPv6

Here is the IPv6 topology:

Only a part of the topology will be configured for IPv6.

Startup Configs

Other than the specific configurations described in the following sections, the only other initial configuration that needs to be applied to the devices in this topology is the hostname. For example, router R1 should be configured with “R1” as its hostname. Switches can be unmanaged or can be managed switches that remain in their initial configuration. Other initial configurations such as IOS Router initial configurations and configuring Telnet and SSH access can be ignored for the purposes of this lab.

The following startup configs include the configuration of all Loopbacks, interfaces, IPv4 addresses, subnet masks, and hostnames. You can use these to quickly get up and running, or you can choose to create them yourself from scratch if you need the practice. IPv6 addresses will be configured as part of the lab.

Configurations

Want to take a look for yourself? Here, you will find the startup configuration of each device.

hostname R1
!
ip cef
ipv6 cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback10
no ip address
!
interface GigabitEthernet0/0
ip address 203.0.113.1 255.255.255.252
!
interface GigabitEthernet0/1
ip address 20.20.20.1 255.255.255.0
!
end

hostname R2
!
ip cef
ipv6 cef
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback10
no ip address
!
interface GigabitEthernet0/1
ip address 20.20.20.2 255.255.255.0
!
interface GigabitEthernet0/2
ip address 192.168.2.2 255.255.255.0
!
end

hostname R3
!
ip cef
ipv6 cef
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback10
no ip address
!
interface GigabitEthernet0/1
ip address 20.20.20.3 255.255.255.0
!
interface GigabitEthernet0/2
ip address 192.168.6.3 255.255.255.0
!
interface GigabitEthernet0/3
ip address 192.168.3.3 255.255.255.0
!
end

hostname R4
!
ip cef
ipv6 cef
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Loopback10
no ip address
!
interface GigabitEthernet0/1
ip address 20.20.20.4 255.255.255.0
!
interface GigabitEthernet0/2
ip address 192.168.1.4 255.255.255.0
!
end

hostname R5
!
ip cef
ipv6 cef
!
interface Loopback0
  ip address 5.5.5.5 255.255.255.255
!
interface Loopback10
  no ip address
!
interface GigabitEthernet0/1
  ip address 192.168.2.5 255.255.255.0
!
interface GigabitEthernet0/2
  ip address 192.168.1.5 255.255.255.0
!
interface GigabitEthernet0/3
  ip address 192.168.20.5 255.255.255.0
!
end

hostname R6
!
ip cef
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Loopback1
ip address 172.16.10.6 255.255.255.0
!
interface Loopback2
ip address 172.16.11.6 255.255.255.0
!
interface Loopback3
ip address 172.16.12.6 255.255.255.0
!
interface GigabitEthernet0/1
ip address 192.168.20.6 255.255.255.0
!
end

hostname R7
!
ip cef
ipv6 cef
!
interface Loopback0
ip address 7.7.7.7 255.255.255.0
!
interface Loopback10
no ip address
!
interface GigabitEthernet0/1
ip address 192.168.6.7 255.255.255.0
!
interface GigabitEthernet0/2
ip address 192.168.5.7 255.255.255.0
!
interface GigabitEthernet0/3
ip address 20.20.30.7 255.255.255.0
!
end

hostname R8
!
ip cef
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface GigabitEthernet0/1
ip address 20.20.30.8 255.255.255.0
!
end

hostname R9
!
ip cef
!
interface Loopback0
ip address 9.9.9.9 255.255.255.255
!
interface GigabitEthernet0/1
ip address 192.168.3.9 255.255.255.0
!
end

R10

hostname R10
!
ip cef
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet0/1
ip address 192.168.3.10 255.255.255.0
!
end

Tasks

The tasks are described as if you are on the job and someone asks you to configure this network. It’s not a cookbook where we tell you exactly what to do and in what order. You will have to decide for yourself. This will help you to think through what is really needed instead of just typing the commands we tell you to.

Basics

To start off with, the following configurations should be applied:

Each device (routers and switches) should have a configured hostname.
Each switch should be configured to function only at Layer 2. No additional configuration should be applied.

IP Addressing

The network will require both IPv4 and IPv6 addressing. Initially, you will start by fully deploying IPv4 throughout the network, but you will eventually begin the process of migration by deploying IPv6 in Areas 0, 2, and 51 (excluding the discontiguous Area 0).

IPv4 Addressing

The IPv4 addressing scheme that will be configured will adhere to the following rules:

All routers will have a Loopback0 interface with a /32 IPv4 address corresponding to the router name. For example, R5 will have a Loopback0 configured with an address of 5.5.5.5/32.
IPv4 addressing will adhere to the addresses found in the network topology. Specifically:
- 20.20.20.0/24 will be used for the network of routers in Area 0
- 20.20.30.0/24 will be used for the network between R7 and R8 in the discontiguous Area 0
- 192.168.1.0/24 will be used for the network between R4 and R5 in Area 51
- 192.168.2.0/24 will be used for the network between R2 and R5 in Area 51
- 192.168.3.0/24 will be used for the network of routers in Area 3
- 192.168.5.0/24 will be used for the host network connected to R7 in Area 2
- 192.168.6.0/24 will be used for the network between R3 and R7 in Area 2
- 192.168.20.0/24 will be used for the network between R5 and R6
- 203.0.113.4/30 will be used for the network between R1 and the Internet.
- 172.16.10.6/24 will be assigned to Loopback1 of R6
- 172.16.11.6/24 will be assigned to Loopback2 of R6
- 172.16.12.6/24 will be assigned to Loopback3 of R6
- 192.168.5.10/24 will be used as the IP address for the host connected to R7 in Area 2, and 192.168.5.7 will be configured as its default gateway.
- The Internet will be assigned the IP address of 203.0.113.2. (Simulate this using any device with the IP address and the default gateway set to the IP address of the GigabitEthernet0/0 interface of R1.
All routers will have their interfaces assigned an IP address within the above ranges using their router name as the number of the last octet. For example, R5 will have .5 as the last octet of all of its IPv4 addresses on its interfaces.

IPv6 Addressing

IPv6 addresses will be confined only to Areas 0, 2, and 51, excluding the discontiguous part of Area 0. The following IPv6 addressing scheme will be used:

You must use the 2001:db8::/32 global unicast prefix.
Routers R1, R2, R3, R4, R5, and R7 will all have Loopback 10 configured on each, with a /64 IPv6 network assigned.
The network interfaces of R1 and the device acting as the Internet will also be assigned a global unicast /64 IPv6 address.
More specific IPv6 addressing will be provided in the appropriate section below.

Basic OSPF Configurations

The following OSPF configurations will be applied to the network:

Area 0

Enable OSPF on all Area 0 interfaces on R1, R2, R3, and R4 and verify that OSPF neighbors have been established.
Configure all four routers to advertise their loopback addresses as well as their Area 0 connected networks via OSPF.
Advertise a default route from R1 to all other routers in Area 0. Make sure that this default route will be advertised regardless of whether or not R1 has a configured default route.
Configure a static default route on R1 that will direct traffic to the Internet.
Ensure that R3 becomes the DR and R2 becomes the BDR for the 20.20.20.0/24 network segment.

Area 2

Enable OSPF on all Area 2 interfaces on R3 and R7, including R7’s loopback interface, and verify that OSPF neighbors have been established.
Configure GigabitEthernet 0/2 on R7 to stop searching for potential OSPF neighbors, but to allow the connected subnet to still participate in OSPF.

Area 51

Enable OSPF on all Area 51 interfaces on R2, R4, and R5 and verify that OSPF neighbors have been established.
Configure all three routers to advertise their Area 51 connected networks via OSPF.
Configure R5 to advertise its loopback address via OSPF.
Configure R5 with an explicitly stated router ID to become the DR for both of its connections in Area 51.
Configure R5 with static routes to all of the networks available on R6.
Configure R6 with a static default route to R5.
Redistribute static routes and connected networks into OSPF on R5.
Configure Area 51 as a Totally NSSA.

Area 3

Area 3 is a special case, where a proprietary WAN protocol is being used. Although the network is using Ethernet, we want to ensure that this operates as point to multipoint non-broadcast network.

Enable OSPF on all Area 3 interfaces on R3, R9, and R10.
Configure all routers to advertise their Area 3 networks, and configure R9 and R10 to advertise their loopback addresses via OSPF.
Configure these routers to use a point-to-multipoint non-broadcast network type.
Configure R3 to become neighbors with R9 and R10 and verify neighbor adjacencies
Configure the hello and dead intervals on these OSPF routers to correspond to double the default values.
Configure Area 3 as a Stub area.

Non-Contiguous Area 0

Enable OSPF on all Area 0 interfaces on R7 and R8 and verify that OSPF neighbors have been established.
Configure R7 and R8 to advertise their Area 0 interfaces via OSPF.
Configure R8 to advertise its loopback address via OSPF.
Create a Virtual Link between R3 and R7 to ensure the non-contiguous Area 0 is correctly connected to the backbone network.

Testing Connectivity of Basic OSPF configuration

Once all of the above has been configured, test the following:

Use ping to attempt to achieve connectivity from all routers to the Internet.
Use ping to attempt to achieve connectivity between various locations on the network including loopback addresses of routers, host addresses, as well as destinations outside of the OSPF routing domain.
Use traceroute to follow the routing path taken from various locations on the network.

Advanced OSPF Configurations

Once you have configured the above, and have verified their correct implementation, the next step is to tweak and adjust certain behaviors and to add additional features, as described below.

Security and Authentication

Area 51 will host more sensitive network services, and we must ensure that security and authentication between OSPF routers is maintained. For this reason, you must:

Configure plain text authentication between R5 and R4, as well as between R5 and R2, and ensure that the new neighbor adjacencies have come up.
Configure a TTL security check between R5 and R4 and between R5 and R2. Apply the configuration on a per-interface basis. Make sure to configure the number of hops explicitly and as restrictively as possible.
You decide that plain text authentication is too risky. For the R5 – R4 neighbor adjacency, change the authentication to MD5, and for the R5 – R2 adjacency, change the authentication to SHA-HMAC.

Other than security features in Area 51, you are also asked to enable Virtual Link Authentication using MD5 to secure the virtual link you created between the discontiguous portions of Area 0. When doing so, make any additional modifications that may be necessary to maintain neighbor adjacencies throughout Area 0.

Load Balancing and Path Preference

Communication between areas 0 and 51 must adhere to the following behavior:

Configure OSPF such that all traffic from Area 0 destined to networks within Area 51 and beyond will be routed via R4 only. If R4 fails, only then should R2 be used. This should be achieved by manipulating the OSPF cost on particular interfaces, and examining the reference bandwidth.
Configure OSPF within Area 51 so that all traffic destined for the Internet is routed via R2. If R2 fails, only then should such traffic be routed via R4. All traffic destined to internal networks should be load-balanced across R2 and R4. To achieve this, consider changing the type of stub that Area 51 is configured as. Do not remove the stub configuration completely.

LSA and Distribute-List Filtering

Prevent the loopback addresses of all of the routers in Area 0 from being advertised within Area 3.
Prevent any OSPF routers from learning about the 192.168.20.0/24 network. Do this by using a route map on the local router.
Prevent R10 from installing a route to the 192.168.2.0/24 network into the routing table. The route should still be visible in the OSPF LSDB.

Summarization

Make sure that summarization is taking place in the most efficient way possible for networks in Areas 2 and 51.

Ensure that the networks found within Area 2 are summarized as efficiently as possible.
Configure summarization on R5 so that the networks redistributed into OSPF within Area 51 are summarized as efficiently as possible.

Migrating to OSPFv3 for IPv6

After you deploy the network as described above, you are instructed to prepare for a migration to OSPFv3 to accommodate IPv6 networks. This is part of a migration that will eventually replace all IPv4 and OSPFv2 operations throughout the topology.

OSPFv3 will be deployed initially in Areas 0, 2, and 51 but not in the discontiguous part of Area 0. IPv6 will be routed using OSPFv3, but this routing will take place independently of any routing created in the previous lab topology.

For this purpose, you will perform the following tasks:

Assign the new IPv6 addressing scheme

The IPv6 addressing scheme that will be configured will adhere to the following rules:

IPv6 routing must be enabled on all of the routers involved in IPv6 routing.
Enable all of the appropriate router interfaces with IPv6 so that OSPFv3 will be able to function between the listed routers.
The following routers will be configured with a Loopback10 interface with a /64 global unicast IPv6 address as follows:
- R1’s Loopback10 interface will be assigned 2001:db8:0:1::1/64
- R2’s Loopback10 interface will be assigned 2001:db8:0:2::1/64
- R3’s Loopback10 interface will be assigned 2001:db8:0:3::1/64
- R4’s Loopback10 interface will be assigned 2001:db8:0:4::1/64
- R5’s Loopback10 interface will be assigned 2001:db8:0:5::1/64
- R7’s Loopback10 interface will be assigned 2001:db8:0:7::1/64
The network between R1 and the device acting as the Internet will be assigned IPv6 addresses in the 2001:db8::/64 prefix. The appropriate IPv6 default gateway should also be assigned to the Internet device.
The network between R7 and the host H1 will be assigned IPv6 addresses in the 2001:db8:0:A::/64 prefix. The appropriate IPv6 default gateway should also be assigned to the host device.
The rest of the interfaces between routers will not be assigned global unicast addresses but will use their Link-Local addresses for OSPF operations.

Enable and configure OSPFv3 in areas 0, 2 and 51

Enable OSPFv3 operation in areas 0, 2, and 51, excluding the discontiguous area 0 such that all of the above IPv6 networks assigned to the loopback interfaces are reachable to each other.

IPv6 default route

Configure an IPv6 default route to the Internet such that all IPv6 routers in the topology can reach the Internet.

OSPFv3 Authentication and encryption

Configure Authentication and Encryption for OSPFv3 between all routers in Area 0, ensuring that OSPFv3 adjacencies are maintained.

Testing and Verification of IPv6 OSPFv3 Topology

Once all of the above has been configured, test the following:

Use ping over IPv6 to attempt to achieve connectivity from all routers to the Internet.
Use ping over IPv6 to attempt to achieve connectivity between various locations on the network including loopback addresses of routers and host addresses.

Solution

The lab was configured using these images:

Routers: Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.9(3)M6, RELEASE SOFTWARE (fc1)
Switches: Unmanaged switches were used for this topology since no VLAN or Layer 3 configurations are necessary.
Internet and H1 host: Simple hosts with a default gateway set to the connected router.

Basics

As mentioned before, you can choose to use the initial startup configs provided above, or you can choose to implement the initial configuration from scratch. The following section describes what you must do to complete the initial configurations.

Hostnames on devices

Configure a hostname on each individual router. Use the R1, R2, and R3 notations as they appear in the topology.
Because the switches are unmanaged, they don’t require any hostname configuration.
The host and the Internet don’t require any hostname configurations.

IP Addressing

Configure the loopback addresses and the physical interfaces with the appropriate IPv4 addresses as shown in the topology diagram and as described in the IPv4 addressing section above.

For the Linux hosts representing the Internet and H1, you can configure them like so:

Internet:~$ sudo ifconfig eth0 203.0.113.2 netmask 255.255.255.252
Internet:~$ sudo route add default gw 203.0.113.1

h1:~$ sudo ifconfig eth0 192.168.5.10 netmask 255.255.255.0
h1:~$ sudo route add default gw 192.168.5.7

Note that you may or may not need to prefix all of your commands using the “super user do” or sudo keyword.

IPv6 addressing

The initial configuration does not include IPv6 addresses. These will be configured at the appropriate section dealing with the migration to IPv6.

Basic OSPF configurations

The following section describes how to perform the basic OSPF configuration.

Area 0

To fulfill all of the stated requirements for the configuration of Area 0, perform the following configurations:

OSPF configurations

R1(config)#router ospf 1
R1(config-router)#network 20.20.20.0 0.0.0.255 area 0
R1(config-router)#network 1.1.1.1 255.255.255.255 area 0

R2(config)#router ospf 1
R2(config-router)#network 20.20.20.0 0.0.0.255 area 0
R2(config-router)#network 2.2.2.2 255.255.255.255 area 0

R3(config)#router ospf 1
R3(config-router)#network 20.20.20.0 0.0.0.255 area 0
R3(config-router)#network 3.3.3.3 255.255.255.255 area 0

R4(config)#router ospf 1
R4(config-router)#network 20.20.20.0 0.0.0.255 area 0
R4(config-router)#network 4.4.4.4 255.255.255.255 area 0

Basic OSPF configurations have been applied to R1, R2, R3, and R4, and loopbacks have been advertised using OSPF.

The following commands can be used to verify the configurations:

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR        00:00:30    20.20.20.2      GigabitEthernet0/1
3.3.3.3           1   FULL/DROTHER    00:00:39    20.20.20.3      GigabitEthernet0/1
4.4.4.4           1   2WAY/DROTHER    00:00:37    20.20.20.4      GigabitEthernet0/1

R1 has become OSPF neighbors with R2, R3, and R4. The DR and BDR at this point are chosen based on the lowest router ID.

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 20.20.20.2, 23:35:51, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 20.20.20.3, 23:36:01, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/2] via 20.20.20.4, 23:35:51, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.20.20.0/24 is directly connected, GigabitEthernet0/1
L        20.20.20.1/32 is directly connected, GigabitEthernet0/1
      203.0.113.0/24 is variably subnetted, 2 subnets, 2 masks
C        203.0.113.0/30 is directly connected, GigabitEthernet0/0
L        203.0.113.1/32 is directly connected, GigabitEthernet0/0

The loopbacks of R2, R3, and R4 have been successfully advertised via OSPF and received on R1, as they exist within the routing table.

R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 20.20.20.1, 21:32:12, GigabitEthernet0/1
      2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        2.2.2.0/24 is directly connected, Loopback0
L        2.2.2.2/32 is directly connected, Loopback0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 20.20.20.3, 21:32:12, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/2] via 20.20.20.4, 21:32:12, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.20.20.0/24 is directly connected, GigabitEthernet0/1
L        20.20.20.2/32 is directly connected, GigabitEthernet0/1

This is also the case for R2. The same should be seen on R3 and R4.

DR/BDR election results

To influence the DR/BDR election to ensure that R3 becomes the DR and R2 becomes the BDR for the 20.20.20.0/24 network segment, perform the following configurations.

R3(config)#interface GigabitEthernet0/1
R3(config-if)#ip ospf priority 100

R2(config)#interface GigabitEthernet0/1
R2(config-if)#ip ospf priority 50

The OSPF process must now be cleared on routers R1, R2, R3, and R4 like so:

#clear ip ospf process
Reset ALL OSPF processes? [no]: yes

To verify the configuration, let’s see the OSPF neighbors on R1 once again:

R1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2          50   FULL/BDR        00:00:33    20.20.20.2      GigabitEthernet0/1
3.3.3.3         100   FULL/DR         00:00:39    20.20.20.3      GigabitEthernet0/1
4.4.4.4           1   2WAY/DROTHER    00:00:31    20.20.20.4      GigabitEthernet0/1

As you can see, R3 has a priority of 100 and has become the DR, while R2 has a priority of 50 and has become the BDR.

Because the DR/BDR election is not preemptive, the results may vary depending upon the order with which you clear the OSPF processes in the routers. If you don’t get the above results, issue the clear ip ospf process command on R2 and check again. Also keep in mind that it may take several seconds, or up to a minute for the election to take place so that the DR/BDR state will be displayed as expected in the above output.

Static default route

First, have R1 advertise a default route using OSPF regardless of whether or not R1 has a configured default route. Once achieved, configure a static default route on R1 pointing to the Internet.

R1(config)#router ospf 1
R1(config-router)#default-information originate always

To verify that this default route is being advertised, use the following commands:

R2#show ip route | begin Gateway
Gateway of last resort is 20.20.20.1 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 20.20.20.1, 00:00:05, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 20.20.20.1, 21:39:13, GigabitEthernet0/1
      2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        2.2.2.0/24 is directly connected, Loopback0
L        2.2.2.2/32 is directly connected, Loopback0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 20.20.20.3, 21:39:13, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/2] via 20.20.20.4, 21:39:13, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.20.20.0/24 is directly connected, GigabitEthernet0/1
L        20.20.20.2/32 is directly connected, GigabitEthernet0/1

Notice the default route indicated in the routing table of R2, as an “E2” route advertised by OSPF. It points to 20.20.20.1, which is R1. This route is advertised even though R1 does not itself have a default route configured. This is because of the always keyword that was used.

Now, configure a default route on R1 so that all default traffic can be forwarded to the Internet once it reaches R1:

R1(config)#ip route 0.0.0.0 0.0.0.0 203.0.113.2

Verify that this default route has entered the routing table of R1:

R1#show ip route | begin Gateway
Gateway of last resort is 203.0.113.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 203.0.113.2
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 20.20.20.2, 23:57:02, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 20.20.20.3, 23:57:12, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/2] via 20.20.20.4, 23:57:02, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        20.20.20.0/24 is directly connected, GigabitEthernet0/1
L        20.20.20.1/32 is directly connected, GigabitEthernet0/1
      203.0.113.0/24 is variably subnetted, 2 subnets, 2 masks
C        203.0.113.0/30 is directly connected, GigabitEthernet0/0
L        203.0.113.1/32 is directly connected, GigabitEthernet0/0

As you can see, the static default route has been added to R1’s routing table.

The basic OSPF configurations for Area 0, as described in the requirements, are now complete.

Area 2

To configure a multi-area OSPF topology and fulfill all of the stated requirements for the configuration of Area 2, perform the following configurations:

OSPF configurations

R3(config)#router ospf 1
R3(config-router)#network 192.168.6.0 0.0.0.255 area 2

R7(config)#router ospf 1
R7(config-router)#network 192.168.6.0 0.0.0.255 area 2
R7(config-router)#network 192.168.5.0 0.0.0.255 area 2
R7(config-router)#network 7.7.7.7 255.255.255.255 area 2

To verify this configuration, use the following commands:

R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DROTHER    00:00:39    20.20.20.1      GigabitEthernet0/1
2.2.2.2          50   FULL/BDR        00:00:31    20.20.20.2      GigabitEthernet0/1
4.4.4.4           1   FULL/DROTHER    00:00:38    20.20.20.4      GigabitEthernet0/1
7.7.7.7           1   FULL/BDR        00:00:37    192.168.6.7     GigabitEthernet0/2

The above output shows that R7 has become an OSPF neighbor of R3, as expected.

R7#show ip route | begin Gateway
Gateway of last resort is 192.168.6.3 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 192.168.6.3, 00:03:20, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.6.3, 00:00:38, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/3] via 192.168.6.3, 00:00:38, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 192.168.6.3, 00:00:38, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/3] via 192.168.6.3, 00:00:38, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
C        7.7.7.7 is directly connected, Loopback0
      20.0.0.0/24 is subnetted, 1 subnets
O IA     20.20.20.0 [110/2] via 192.168.6.3, 00:00:38, GigabitEthernet0/1
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, GigabitEthernet0/2
L        192.168.5.7/32 is directly connected, GigabitEthernet0/2
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, GigabitEthernet0/1
L        192.168.6.7/32 is directly connected, GigabitEthernet0/1

From the above output, you can see that R3 has advertised all of the routes in Area 0 to R7, and these appear as Inter Area (IA) routes. You can also see the default route that is also advertised from R1 as an E2 route as expected. Notice also that the Gateway of Last Resort is actually set to the IP address of R3, which is the ABR of Area 2.

The above configurations fulfill the basic OSPF requirements for Area 2.

GigabitEthernet0/2 on R7 not to search for OSPF neighbors

R7(config)#router ospf 1
R7(config-router)#passive-interface GigabitEthernet0/2

To verify that the passive interface was configured correctly, use the following command:

R7#show ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "application"
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Maximum path: 32
  Routing for Networks:
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 4)

Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 7.7.7.7
  Number of areas in this router is 2. 2 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    7.7.7.0 0.0.0.255 area 2
    192.168.5.0 0.0.0.255 area 2
    192.168.6.0 0.0.0.255 area 2
  Passive Interface(s):
    GigabitEthernet0/2
  Routing Information Sources:
    Gateway         Distance      Last Update
    2.2.2.2              110      00:06:38
    4.4.4.4              110      00:06:38
    1.1.1.1              110      00:03:05
    3.3.3.3              110      00:03:05
  Distance: (default is 110)

In the above output, you can see that GigabitEthernet0/2 is indicated as a Passive Interface.

Area 51

To fulfill all of the stated requirements for the configuration of Area 51, perform the following configurations:

OSPF configurations

R2(config)#router ospf 1
R2(config-router)#network 192.168.2.0 0.0.0.255 area 51

R4(config)#router ospf 1
R4(config-router)#network 192.168.1.0 0.0.0.255 area 51

R5(config)#router ospf 1
R5(config-router)#network 192.168.1.0 0.0.0.255 area 51
R5(config-router)#network 192.168.2.0 0.0.0.255 area 51
R5(config-router)#network 5.5.5.5 255.255.255.255 area 51

To verify the above configuration, use the following commands:

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:37    192.168.2.2     GigabitEthernet0/1
4.4.4.4           1   FULL/DR         00:00:34    192.168.1.4     GigabitEthernet0/2

Above, you can see that R5 has become a neighbor of both R2 and R4. The same should be true of R2 and R4.

R5#show ip route | begin Gateway
Gateway of last resort is 192.168.2.2 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/2] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/3] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/3] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback0
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/4] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      20.0.0.0/24 is subnetted, 1 subnets
O IA     20.20.20.0 [110/2] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/2
L        192.168.1.5/32 is directly connected, GigabitEthernet0/2
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, GigabitEthernet0/1
L        192.168.2.5/32 is directly connected, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/4] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/3] via 192.168.2.2, 00:00:14, GigabitEthernet0/1
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet0/3
L        192.168.20.5/32 is directly connected, GigabitEthernet0/3

In the above routing table, you can see that R5 has learned about all of the routes in Area 0 as well as those in Area 2. These are indicated by Inter-Area or “IA” routes. The default route via R1 is also known, but the gateway of last resort that is used is the IP of R2, which is one of the ABRs of Area 51. R2 is chosen as the next hop because its router ID is lower than that of R4.

R5 Router ID

To configure R5 with an explicitly stated router ID such that it will become the DR for both of its connections in Area 51, perform the following:

R5(config)#router ospf 1
R5(config-router)#router-id 1.0.0.1
% OSPF: Reload or use "clear ip ospf process" command, for this to take effect
R5(config-router)#exit
R5(config)#exit
R5#clear ip ospf process
Reset ALL OSPF processes? [no]: yes

Note that the router ID you choose can be anything as long as it is of a lower value than the router IDs of R2 and R4. Use the following command to verify the DR and BDR roles.

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR        00:00:38    192.168.2.2     GigabitEthernet0/1
4.4.4.4           1   FULL/BDR        00:00:32    192.168.1.4     GigabitEthernet0/2

Notice that both R2 and R4 become the BDRs for their respective networks, which means that the local router R5 is the DR for both.

Because the DR/BDR election is not preemptive, you may need to clear the OSPF process on routers R2 and R4 as well in order to get the above results. Note that it may take several seconds, or up to a minute for OSPF to reconverge so that the DR/BDR state will be displayed in te above output.

Static routing on R5 and R6

To configure R5 (the ASBR) and R6 with the required static routing, perform the following configurations:

R5(config)#ip route 6.6.6.6 255.255.255.255 192.168.20.6
R5(config)#ip route 172.16.10.0 255.255.255.0 192.168.20.6
R5(config)#ip route 172.16.11.0 255.255.255.0 192.168.20.6
R5(config)#ip route 172.16.12.0 255.255.255.0 192.168.20.6

R6(config)#ip route 0.0.0.0 0.0.0.0 192.168.20.5

To verify that the static routing is correctly configured, perform the following commands:

R5#show ip route | include S
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
S        6.6.6.6 [1/0] via 192.168.20.6
S        172.16.10.0 [1/0] via 192.168.20.6
S        172.16.11.0 [1/0] via 192.168.20.6
S        172.16.12.0 [1/0] via 192.168.20.6

As you can see, the static routes have been applied to R5.

R6#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.20.5 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.20.5
      6.0.0.0/32 is subnetted, 1 subnets
C        6.6.6.6 is directly connected, Loopback0
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.10.0/24 is directly connected, Loopback1
L        172.16.10.6/32 is directly connected, Loopback1
C        172.16.11.0/24 is directly connected, Loopback2
L        172.16.11.6/32 is directly connected, Loopback2
C        172.16.12.0/24 is directly connected, Loopback3
L        172.16.12.6/32 is directly connected, Loopback3
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet0/1
L        192.168.20.6/32 is directly connected, GigabitEthernet0/1

The default route has also been correctly installed in the routing table of R6.

R5#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

R5#ping 172.16.10.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/6 ms

R5#ping 172.16.11.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/6 ms

R5#ping 172.16.12.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/6 ms

R5 is able to reach the remote networks on R6.

Redistributing static and connected routes into OSPF on R5

R5(config)#router ospf 1
R5(config-router)#redistribute static
R5(config-router)#redistribute connected

To verify the redistribution of these static routes, use the following commands:

R2#show ip route | include O E2
O E2     6.6.6.6 [110/20] via 192.168.2.5, 00:06:07, GigabitEthernet0/2
O E2     172.16.10.0 [110/20] via 192.168.2.5, 00:06:07, GigabitEthernet0/2
O E2     172.16.11.0 [110/20] via 192.168.2.5, 00:06:07, GigabitEthernet0/2
O E2     172.16.12.0 [110/20] via 192.168.2.5, 00:06:07, GigabitEthernet0/2
O E2  192.168.20.0/24 [110/20] via 192.168.2.5, 00:06:07, GigabitEthernet0/2

R4#show ip route | include O E2
O E2     6.6.6.6 [110/20] via 192.168.1.5, 00:06:24, GigabitEthernet0/2
O E2     172.16.10.0 [110/20] via 192.168.1.5, 00:06:24, GigabitEthernet0/2
O E2     172.16.11.0 [110/20] via 192.168.1.5, 00:06:24, GigabitEthernet0/2
O E2     172.16.12.0 [110/20] via 192.168.1.5, 00:06:24, GigabitEthernet0/2
O E2  192.168.20.0/24 [110/20] via 192.168.1.5, 00:06:24, GigabitEthernet0/2

As you can see, both R2 and R4 have received updates of both the redistributed static routes as well as the redistributed connected route.

Area 51 as a Totally NSSA

To configure Area 51 as a totally NSSA, perform the following configurations:

R2(config)#router ospf 1
R2(config-router)#area 51 nssa no-summary

R4(config)#router ospf 1
R4(config-router)#area 51 nssa no-summary

R5(config)#router ospf 1
R5(config-router)#area 51 nssa

The above commands ensure that Area 51 becomes a Totally NSSA area. To verify this, use the following commands:

R5#show ip route | begin Gateway
Gateway of last resort is 192.168.2.2 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 192.168.2.2, 00:00:13, GigabitEthernet0/1
                [110/2] via 192.168.1.4, 00:00:13, GigabitEthernet0/2
      5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback0
      6.0.0.0/32 is subnetted, 1 subnets
S        6.6.6.6 [1/0] via 192.168.20.6
      172.16.0.0/24 is subnetted, 3 subnets
S        172.16.10.0 [1/0] via 192.168.20.6
S        172.16.11.0 [1/0] via 192.168.20.6
S        172.16.12.0 [1/0] via 192.168.20.6
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/2
L        192.168.1.5/32 is directly connected, GigabitEthernet0/2
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, GigabitEthernet0/1
L        192.168.2.5/32 is directly connected, GigabitEthernet0/1
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet0/3
L        192.168.20.5/32 is directly connected, GigabitEthernet0/3

As you can see from the routing table of R5, all OSPF routes have been replaced with a single Inter Area (IA) default route that is load-balanced between ABRs R2 and R4. The gateway of last resort is set to the next hop IP of R2 because it has the lower router ID.

Area 51 has been configured and verified as per the requirements.

Area 3

To fulfill all of the stated requirements for the configuration of Area 3, perform the following configurations:

OSPF configurations

R3(config)#router ospf 1
R3(config-router)#network 192.168.3.0 0.0.0.255 area 3

R9(config)#router ospf 1
R9(config-router)#network 192.168.3.0 0.0.0.255 area 3
R9(config-router)#network 9.9.9.9 255.255.255.255 area 3

R10(config)#router ospf 1
R10(config-router)#network 192.168.3.0 0.0.0.255 area 3
R10(config-router)#network 10.10.10.10 255.255.255.255 area 3

Area 3 as a point to multipoint non-broadcast network type

For the point to multipoint non-broadcast network configuration, we can consider R3 as the hub and R9 and R10 as the spokes. The following configurations fulfill the related requirements for Area 3.

R3(config)#interface GigabitEthernet0/3
R3(config-if)#ip ospf network point-to-multipoint non-broadcast
R3(config-if)#ip ospf hello-interval 20
R3(config-if)#ip ospf dead-interval 80
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#neighbor 192.168.3.9
R3(config-router)#neighbor 192.168.3.10

R9(config)#interface GigabitEthernet0/1
R9(config-if)#ip ospf network point-to-multipoint non-broadcast
R9(config-if)#ip ospf hello-interval 20
R9(config-if)#ip ospf dead-interval 80

R10(config)#interface GigabitEthernet0/1
R10(config-if)#ip ospf network point-to-multipoint non-broadcast
R10(config-if)#ip ospf hello-interval 20
R10(config-if)#ip ospf dead-interval 80

To verify the above configurations, use the following commands:

R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DROTHER    00:00:37    20.20.20.1      GigabitEthernet0/1
2.2.2.2          50   FULL/BDR        00:00:39    20.20.20.2      GigabitEthernet0/1
4.4.4.4           1   FULL/DROTHER    00:00:36    20.20.20.4      GigabitEthernet0/1
7.7.7.7           1   FULL/BDR        00:00:37    192.168.6.7     GigabitEthernet0/2
10.10.10.10       0   FULL/  -        00:01:13    192.168.3.10    GigabitEthernet0/3
9.9.9.9           0   FULL/  -        00:01:13    192.168.3.9     GigabitEthernet0/3

R9#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:01:17    192.168.3.3     GigabitEthernet0/1

R10#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:01:13    192.168.3.3     GigabitEthernet0/1

Notice that R3 becomes neighbors with R9 and R10 separately, because of the manual neighbor configuration. R9 and R10 do not become neighbors with each other, due to the point to multipoint topology. Similarly, there is no DR or BDR for these adjacencies since this is a non-broadcast topology, thus no DRs or BDRs are necessary.

R9#show ip ospf interface GigabitEthernet0/1 | include intervals
  Timer intervals configured, Hello 20, Dead 80, Wait 80, Retransmit 5

The above output shows that the dead and hello intervals are configured as expected on R9. The same should be observed on R3 and R10 for the corresponding interfaces.

R9#show ip route | begin Gateway
Gateway of last resort is 192.168.3.3 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/3] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/3] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/4] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/20] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      9.0.0.0/32 is subnetted, 1 subnets
C        9.9.9.9 is directly connected, Loopback0
      20.0.0.0/24 is subnetted, 1 subnets
O IA     20.20.20.0 [110/2] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 3 subnets
O E2     172.16.10.0 [110/20] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
O E2     172.16.11.0 [110/20] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
O E2     172.16.12.0 [110/20] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/3] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/3] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
      192.168.3.0/24 is variably subnetted, 3 subnets, 2 masks
C        192.168.3.0/24 is directly connected, GigabitEthernet0/1
O        192.168.3.3/32 [110/1] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
L        192.168.3.9/32 is directly connected, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/3] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 192.168.3.3, 00:00:14, GigabitEthernet0/1
O E2  192.168.20.0/24 [110/20] via 192.168.3.3, 00:00:14, GigabitEthernet0/1

The routing table of R9 shows all OSPF Inter Area (IA) routes as expected. It also shows the redistributed static and connected routes from R5, as well as the default route, all as expected. The gateway of last resort is set to the IP address of R3 which is the ABR of Area 3. You should see similar results in the routing table of R10.

Area 3 as a Stub Area

To configure Area 3 as a stub area, perform the following configurations:

R3(config)#router ospf 1
R3(config-router)#area 3 stub

R9(config)#router ospf 1
R9(config-router)#area 3 stub

R10(config)#router ospf 1
R10(config-router)#area 3 stub

To verify this configuration, use the following command:

R9#show ip route | begin Gateway
Gateway of last resort is 192.168.3.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/3] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/3] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/4] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      9.0.0.0/32 is subnetted, 1 subnets
C        9.9.9.9 is directly connected, Loopback0
      20.0.0.0/24 is subnetted, 1 subnets
O IA     20.20.20.0 [110/2] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/3] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/3] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
      192.168.3.0/24 is variably subnetted, 3 subnets, 2 masks
C        192.168.3.0/24 is directly connected, GigabitEthernet0/1
O        192.168.3.3/32 [110/1] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
L        192.168.3.9/32 is directly connected, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/3] via 192.168.3.3, 00:00:06, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 192.168.3.3, 00:00:06, GigabitEthernet0/1

Notice that on R9, all OSPF routes are removed except for the Inter Area (IA) routes, as is expected in a stub area. External routes are taken care of by the default route, which points to the ABR.

Non-Contiguous Area 0

To fulfill all of the stated requirements for the configuration of the non-contiguous Area 0 portion of the network, perform the following configurations:

OSPF configurations

R7(config)#router ospf 1
R7(config-router)#network 20.20.30.0 0.0.0.255 area 0

R8(config)#router ospf 1
R8(config-router)#network 20.20.30.0 0.0.0.255 area 0
R8(config-router)#network 8.8.8.8 255.255.255.255 area 0

4.3.5.2 Create a Virtual Link

The following configurations create a virtual link so that the non-contiguous part of Area 0 will become part of the Area 0 backbone.

R7(config)#router ospf 1
R7(config-router)#area 2 virtual-link 3.3.3.3

R3(config)#router ospf 1
R3(config-router)#area 2 virtual-link 7.7.7.7

To verify the above configuration, use the following commands:

R7#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:28    192.168.6.3     OSPF_VL3
8.8.8.8           1   FULL/ΒDR        00:00:37    20.20.30.8      GigabitEthernet0/3
3.3.3.3           1   FULL/DR         00:00:37    192.168.6.3     GigabitEthernet0/1

The above output shows an additional neighbor adjacency between R7 and R3 which is indicated on Interface OSPF_VL3. This is the virtual link that is created across Area 2 to connect the discontiguous sections of Area 0. You can also see the adjacency that has been created with R8 in the same Area 0.

R7#show ip route | begin Gateway
Gateway of last resort is 192.168.6.3 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/3] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/3] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/3] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/4] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/20] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
C        7.7.7.7 is directly connected, Loopback0
      8.0.0.0/32 is subnetted, 1 subnets
O        8.8.8.8 [110/2] via 20.20.30.8, 00:02:26, GigabitEthernet0/3
      9.0.0.0/32 is subnetted, 1 subnets
O IA     9.9.9.9 [110/3] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      10.0.0.0/32 is subnetted, 1 subnets
O IA     10.10.10.10 [110/3] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        20.20.20.0/24 [110/2] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
C        20.20.30.0/24 is directly connected, GigabitEthernet0/3
L        20.20.30.7/32 is directly connected, GigabitEthernet0/3
      172.16.0.0/24 is subnetted, 3 subnets
O E2     172.16.10.0 [110/20] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
O E2     172.16.11.0 [110/20] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
O E2     172.16.12.0 [110/20] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/3] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/3] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      192.168.3.0/32 is subnetted, 3 subnets
O IA     192.168.3.3 [110/1] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
O IA     192.168.3.9 [110/2] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
O IA     192.168.3.10 [110/2] via 192.168.6.3, 00:01:51, GigabitEthernet0/1
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, GigabitEthernet0/2
L        192.168.5.7/32 is directly connected, GigabitEthernet0/2
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, GigabitEthernet0/1
L        192.168.6.7/32 is directly connected, GigabitEthernet0/1
O E2  192.168.20.0/24 [110/20] via 192.168.6.3, 00:01:51, GigabitEthernet0/1

Examining the routing table of R7 shows that the loopback interfaces of routers R1, R2, R3, and R4, which exist within Area 0 now appear as simple OSPF Intra-Area routes (indicated by “O”) rather than Inter Area (IA) routes. This is due to the virtual link.

R8#show ip route | begin Gateway
Gateway of last resort is 20.20.30.7 to network 0.0.0.0

O*E2  0.0.0.0/0 [110/1] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/4] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/4] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/3] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/4] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/5] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/20] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/2] via 20.20.30.7, 00:04:25, GigabitEthernet0/1
      8.0.0.0/32 is subnetted, 1 subnets
C        8.8.8.8 is directly connected, Loopback0
      9.0.0.0/32 is subnetted, 1 subnets
O IA     9.9.9.9 [110/4] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      10.0.0.0/32 is subnetted, 1 subnets
O IA     10.10.10.10 [110/4] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        20.20.20.0/24 [110/3] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
C        20.20.30.0/24 is directly connected, GigabitEthernet0/1
L        20.20.30.8/32 is directly connected, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 3 subnets
O E2     172.16.10.0 [110/20] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
O E2     172.16.11.0 [110/20] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
O E2     172.16.12.0 [110/20] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/4] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/4] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
      192.168.3.0/32 is subnetted, 3 subnets
O IA     192.168.3.3 [110/2] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
O IA     192.168.3.9 [110/3] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
O IA     192.168.3.10 [110/3] via 20.20.30.7, 00:03:39, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/2] via 20.20.30.7, 00:04:25, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 20.20.30.7, 00:04:25, GigabitEthernet0/1
O E2  192.168.20.0/24 [110/20] via 20.20.30.7, 00:03:39, GigabitEthernet0/1

Above, you can see similar results from the routing table of R8. Routes from within Area 0 now appear as Intra-Area routes (indicated with “O”), thus confirming the correct operation of the virtual link.

R7#show ip ospf virtual-links
Virtual Link OSPF_VL3 to router 3.3.3.3 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 2, via interface GigabitEthernet0/1
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
    Adjacency State FULL (Hello suppressed)
    Index 1/2/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

The above command shows details about the operation of the virtual link that has been created on R7. Similar results should appear when this command is applied to R3, which is the other end of the virtual link.

Testing Connectivity of Basic OSPF Configuration

The following commands demonstrate the establishment of connectivity from and to various devices on the topology. These are just some of the tests that can be performed. You can devise your own tests beyond these:

Pinging the Internet

Ping from 6.6.6.6 on R6 to the Internet

R6#ping 203.0.113.2 source 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.2, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms

Ping from 10.10.10.10 on R10 to the Internet

R10#ping 203.0.113.2 source 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.2, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/7 ms

Ping from 8.8.8.8 on R8 to the Internet

R8#ping 203.0.113.2 source 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.0.113.2, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms

Ping from H1 to the Internet

h1:~$ ping 203.0.113.2
PING 203.0.113.2 (203.0.113.2): 56 data bytes
64 bytes from 203.0.113.2: seq=0 ttl=42 time=7.799 ms
64 bytes from 203.0.113.2: seq=1 ttl=42 time=8.395 ms
64 bytes from 203.0.113.2: seq=2 ttl=42 time=4.725 ms
64 bytes from 203.0.113.2: seq=3 ttl=42 time=10.776 ms
^C
--- 203.0.113.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 4.725/7.923/10.776 ms

Pinging the Inter-Area locations

Ping from 9.9.9.9 on R9 to 10.10.10.10 on R10

R9#ping 10.10.10.10 source 9.9.9.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 9.9.9.9 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/6 ms

Ping from 7.7.7.7 on R7 to 9.9.9.9 in R9

R7#ping 9.9.9.9 source 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/5 ms

Ping from 5.5.5.5 on R5 to 10.10.10.10 on R10

R5#ping 10.10.10.10 source 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

Ping from H1 to 172.16.10.6 on R6

h1:~$ ping 172.16.10.6
PING 172.16.10.6 (172.16.10.6): 56 data bytes
64 bytes from 172.16.10.6: seq=0 ttl=42 time=13.896 ms
64 bytes from 172.16.10.6: seq=1 ttl=42 time=13.268 ms
64 bytes from 172.16.10.6: seq=2 ttl=42 time=15.876 ms
64 bytes from 172.16.10.6: seq=3 ttl=42 time=18.204 ms
^C
--- 172.16.10.6 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 13.268/15.311/18.204 ms

Traceroute between various locations

Traceroute from R6 to H1

R6#traceroute 192.168.5.10
Type escape sequence to abort.
Tracing the route to 192.168.5.10
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.20.5 2 msec 3 msec 3 msec
  2 192.168.2.2 4 msec 5 msec 14 msec
  3 20.20.20.3 14 msec 6 msec 4 msec
  4 192.168.6.7 5 msec 6 msec 5 msec
  5 192.168.5.10 5 msec 4 msec 6 msec

Traceroute from R5 to 10.10.10.10 on R10

R5#traceroute 10.10.10.10
Type escape sequence to abort.
Tracing the route to 10.10.10.10
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.2 7 msec
    192.168.1.4 3 msec
    192.168.2.2 3 msec
  2 20.20.20.3 4 msec 4 msec 2 msec
  3 192.168.3.10 5 msec *  6 msec

Traceroute from 10.10.10.10 on R10 to 9.9.9.9 on R9

R10#traceroute 9.9.9.9
Type escape sequence to abort.
Tracing the route to 9.9.9.9
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.3.3 3 msec 2 msec 2 msec
  2 192.168.3.9 7 msec *  7 msec

Advanced OSPF configurations

The following section describes how to perform the required advanced OSPF configurations described in the tasks above.

Security and Authentication

In this section, you will apply several security and authentication features of OSPF. These will primarily be applied to Area 51. To fulfill all of the stated requirements for these features, perform the following configurations:

Plain text OSPF neighbor authentication

To configure plain text OSPF neighbor authentication between routers R5 and R4, as well as between R5 and R2 in Area 51, perform the following configurations:

R5(config)#interface gigabitEthernet 0/1
R5(config-if)#ip ospf authentication
R5(config-if)#ip ospf authentication-key my_pass

R2(config)#interface gigabitEthernet 0/2
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key my_pass

R5(config)#interface gigabitEthernet 0/2
R5(config-if)#ip ospf authentication
R5(config-if)#ip ospf authentication-key my_pass2

R4(config)#interface gigabitEthernet 0/2
R4(config-if)#ip ospf authentication
R4(config-if)#ip ospf authentication-key my_pass2

You can use any password you like for the authentication key. However, it is a good idea to use different passwords for different neighbor adjacencies.

The following commands can be used to verify that the routers have successfully applied authentication and have become neighbors.

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:37    192.168.2.2     GigabitEthernet0/1
4.4.4.4           1   FULL/DR         00:00:39    192.168.1.4     GigabitEthernet0/2

The above shows that R5 has successfully become neighbors with both R2 and R4. The neighbor adjacency can also be configured by issuing the same command on both R2 and R4.

R5#show ip ospf interface GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up 
  Internet Address 192.168.2.5/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 1.0.0.1, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 2.2.2.2, Interface address 192.168.2.2
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.2.5
  Flush timer for old DR LSA due in 00:00:56
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/3/3, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 0 msec, maximum is 1 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 2.2.2.2  (Designated Router)
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

R5#show ip ospf interface GigabitEthernet0/2
GigabitEthernet0/2 is up, line protocol is up 
  Internet Address 192.168.1.5/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 1.0.0.1, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 4.4.4.4, Interface address 192.168.1.4
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.1.5
  Flush timer for old DR LSA due in 00:00:00
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/2/2, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 0 msec, maximum is 2 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 4.4.4.4  (Designated Router)
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

The above output shows that from the point of view of R5, adjacencies to both R2 and R4 are up, and have been configured with “Simple password authentication enabled”. This confirms the adjacency and the configuration of the authentication.

TTL security check

To configure the TTL security check between R5 and R2, as well as between R5 and R4 with the most restrictive TTL value possible, perform the following configuration:

R5(config)#inter GigabitEthernet0/1
R5(config-if)#ip ospf ttl-security hops 1

R2(config)#inter GigabitEthernet0/2
R2(config-if)#ip ospf ttl-security hops 1

R5(config)#inter GigabitEthernet0/2
R5(config-if)#ip ospf ttl-security hops 1

R4(config)#inter GigabitEthernet0/2
R4(config-if)#ip ospf ttl-security hops 1

By explicitly indicating a hop of 1, only OSPF messages received from directly connected neighbors will be processed.

To verify the configuration, issue the following commands:

R5#show ip ospf interface GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up 
  Internet Address 192.168.2.5/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 1.0.0.1, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 2.2.2.2, Interface address 192.168.2.2
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.2.5
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:09
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Strict TTL checking enabled
  Index 1/3/3, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 1 msec, maximum is 1 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 2.2.2.2  (Designated Router)
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

R5#show ip ospf interface GigabitEthernet0/2
GigabitEthernet0/2 is up, line protocol is up 
  Internet Address 192.168.1.5/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 1.0.0.1, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 4.4.4.4, Interface address 192.168.1.4
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.1.5
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:06
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Strict TTL checking enabled
  Index 1/2/2, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 1 msec, maximum is 2 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 4.4.4.4  (Designated Router)
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

In the above output, for the interfaces on R5 connecting to routers R2 and R3, you can see that the adjacency is up and that there is “Strict TTL checking enabled”.

The same can be seen by issuing the same commands on R2 and R4, respectively:

R2#show ip ospf interface GigabitEthernet0/2
GigabitEthernet0/2 is up, line protocol is up 
  Internet Address 192.168.2.2/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 2.2.2.2, Interface address 192.168.2.2
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.2.5
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Strict TTL checking enabled
  Index 1/1/3, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 2, maximum is 2
  Last flood scan time is 0 msec, maximum is 1 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 1.0.0.1  (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

R4#show ip ospf interface GigabitEthernet0/2
GigabitEthernet0/2 is up, line protocol is up 
  Internet Address 192.168.1.4/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 4.4.4.4, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 4.4.4.4, Interface address 192.168.1.4
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.1.5
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Strict TTL checking enabled
  Index 1/1/3, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 2
  Last flood scan time is 0 msec, maximum is 1 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 1.0.0.1  (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
  Simple password authentication enabled

This confirms that the TTL check has been configured successfully.

MD5 and SHA-HMAC OSPF neighbor authentication

To replace the plain text authentication with MD5 authentication for OSPF neighbors R5 and R4, use the following commands:

R5(config)#interface GigabitEthernet0/2
R5(config-if)#no ip ospf authentication
R5(config-if)#no ip ospf authentication-key 
R5(config-if)#ip ospf authentication message-digest 
R5(config-if)#ip ospf message-digest-key 1 md5 my_pass

R4(config)#interface GigabitEthernet0/2
R4(config-if)#no ip ospf authentication
R4(config-if)#no ip ospf authentication-key
R4(config-if)#ip ospf authentication message-digest
R4(config-if)#ip ospf message-digest-key 1 md5 my_pass

To verify that R4 and R5 have become neighbors and that MD5 is being used for authentication, use the following commands:

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:38    192.168.2.2     GigabitEthernet0/1
4.4.4.4           1   FULL/DR         00:00:37    192.168.1.4     GigabitEthernet0/2

The above confirms that R4 and R5 have successfully become neighbors.

R5#show ip ospf interface GigabitEthernet 0/2
GigabitEthernet0/2 is up, line protocol is up 
  Internet Address 192.168.1.5/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 1.0.0.1, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 4.4.4.4, Interface address 192.168.1.4
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.1.5
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Strict TTL checking enabled
  Index 1/2/2, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 0 msec, maximum is 2 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 4.4.4.4  (Designated Router)
  Suppress hello for 0 neighbor(s)
  Cryptographic authentication enabled
    Youngest key id is 1

Notice that it states that “Cryptographic authentication is enabled” and that the “Youngest key id is 1.” These verify that MD5 has been successfully used to authenticate the OSPF neighbors. Issuing the same command on R4 should also produce similar results.

To replace the plain text authentication with SHA-HMAC authentication for OSPF neighbors R5 and R2, use the following commands:

R5(config)#key chain R5
R5(config-keychain)#key 1
R5(config-keychain-key)#cryptographic-algorithm hmac-sha-512
R5(config-keychain-key)#key-string R5_R2_pass

R5(config)#interface GigabitEthernet0/1
R5(config-if)#no ip ospf authentication
R5(config-if)#no ip ospf authentication-key 
R5(config-if)#ip ospf authentication key-chain R5

R2(config)#key chain R2
R2(config-keychain)#key 1
R2(config-keychain-key)#cryptographic-algorithm hmac-sha-512
R2(config-keychain-key)#key-string R5_R2_pass

R2(config)#interface GigabitEthernet0/2
R2(config-if)#no ip ospf authentication
R2(config-if)#no ip ospf authentication-key
R2(config-if)#ip ospf authentication key-chain R2

To verify that R2 and R5 have become neighbors and that HMAC-SHA is being used as the cryptographic algorithm for authentication, use the following commands:

R5#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:39    192.168.2.2     GigabitEthernet0/1
4.4.4.4           1   FULL/DR         00:00:32    192.168.1.4     GigabitEthernet0/2

The above confirms that R2 and R5 have successfully become neighbors.

R5#show ip ospf interface GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up 
  Internet Address 192.168.2.5/24, Area 51, Attached via Network Statement
  Process ID 1, Router ID 1.0.0.1, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 2.2.2.2, Interface address 192.168.2.2
  Backup Designated router (ID) 1.0.0.1, Interface address 192.168.2.5
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Strict TTL checking enabled
  Index 1/3/3, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 3, maximum is 3
  Last flood scan time is 0 msec, maximum is 3 msec
  Neighbor Count is 1, Adjacent neighbor count is 1 
    Adjacent with neighbor 2.2.2.2  (Designated Router)
  Suppress hello for 0 neighbor(s)
  Cryptographic authentication enabled
    Sending SA: Key 1, Algorithm HMAC-SHA-512 - key chain R5

In the above output, notice that it states that “Cryptographic authentication is enabled.” The next statement shows that HMAC-SHA-512 is being used with the configured key chain. These results verify that HMAC-SHA has been successfully used to authenticate the OSPF neighbors. Issuing the same command on R2 should also produce similar results.

Virtual Link Authentication

To configure Virtual Link authentication using MD5 on the virtual link between R3 and R7, use the following commands:

R3(config)#router ospf 1
R3(config-router)#area 0 authentication message-digest
R3(config-router)#area 2 virtual-link 7.7.7.7 message-digest-key 1 md5 my_pass

R7(config)#router ospf 1
R7(config-router)#area 0 authentication message-digest
R7(config-router)#area 2 virtual-link 3.3.3.3 message-digest-key 1 md5 my_pass

In order for changes to take effect, the OSPF process should be cleared on one of the two routers:

R7#clear ip ospf process
Reset ALL OSPF processes? [no]: yes

To verify that the virtual link is operational and that MD5 is being used for virtual link authentication, use the following commands:

R7#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 3.3.3.3 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 2, via interface GigabitEthernet0/1
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03
    Adjacency State FULL (Hello suppressed)
    Index 1/1/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
  Cryptographic authentication enabled
    Youngest key id is 1

Notice that the virtual link is up and that it has “Cryptographic authentication enabled.”

Verify the state of the OSPF neighbors of R3 using the following command:

R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
7.7.7.7           0   FULL/  -           -        192.168.6.7     OSPF_VL1
7.7.7.7           1   FULL/BDR        00:00:34    192.168.6.7     GigabitEthernet0/2
9.9.9.9           0   FULL/  -        00:01:16    192.168.3.9     GigabitEthernet0/3
10.10.10.10       0   FULL/  -        00:01:16    192.168.3.10    GigabitEthernet0/3

The virtual link is up and running. However, if the dead time has elapsed, you will notice that the adjacencies with R1, R2, and R4 have been removed. You will notice that R8 has also lost its neighbor adjacency with R7:

R8#show ip ospf neighbor

Why? In order to enable the virtual link authentication using MD5, we had to issue the area 0 authentication message-digest command for Area 0 on both R3 and R7. This enables MD5 authentication globally for Area 0 and thus requires that MD5 be configured on all routers within the area. To reestablish neighbor adjacencies, we must enable MD5 authentication on all routers in Area 0.

To achieve this, use the following commands:

R3(config)#interface GigabitEthernet0/1
R3(config-if)#ip ospf message-digest-key 1 md5 my_pass

R7(config)#interface GigabitEthernet0/3
R7(config-if)#ip ospf message-digest-key 1 md5 my_pass

Note that since MD5 authentication for OSPF has been configured globally on R3 and R7 for Area 0, we only need to issue the appropriate commands on the interfaces. For the rest of the routers, we will enable “message-digest” authentication on a per-interface basis:

R1(config)#interface GigabitEthernet0/1
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 my_pass

R2(config)#interface GigabitEthernet0/1
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 my_pass

R4(config)#interface GigabitEthernet0/1
R4(config-if)#ip ospf authentication message-digest
R4(config-if)#ip ospf message-digest-key 1 md5 my_pass

R8(config)#interface GigabitEthernet0/1
R8(config-if)#ip ospf authentication message-digest
R8(config-if)#ip ospf message-digest-key 1 md5 my_pass

To verify that all neighbor adjacencies have been reestablished after the application of MD5 authentication within Area 0, use the following commands:

R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
7.7.7.7           0   FULL/  -           -        192.168.6.7     OSPF_VL1
1.1.1.1           1   FULL/DROTHER    00:00:31    20.20.20.1      GigabitEthernet0/1
2.2.2.2          50   FULL/BDR        00:00:34    20.20.20.2      GigabitEthernet0/1
4.4.4.4           1   FULL/DROTHER    00:00:35    20.20.20.4      GigabitEthernet0/1
7.7.7.7           1   FULL/BDR        00:00:33    192.168.6.7     GigabitEthernet0/2
9.9.9.9           0   FULL/  -        00:01:11    192.168.3.9     GigabitEthernet0/3
10.10.10.10       0   FULL/  -        00:01:11    192.168.3.10    GigabitEthernet0/3

R7#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
8.8.8.8           1   FULL/BDR        00:00:37    20.20.30.8      GigabitEthernet0/3
3.3.3.3           0   FULL/  -           -        192.168.6.3     OSPF_VL0
3.3.3.3           1   FULL/DR         00:00:34    192.168.6.3     GigabitEthernet0/1

From the above output, you can see that the neighbor relationships between routers within Area 0 have been reestablished. When issuing the same command on the rest of the routers in Area 0, similar results should be observed.

Load Balancing and Path Preference

In this section, you will configure OSPF to route traffic according to the described requirements.

Route Area 0 traffic to Area 51 via R2

To fulfill the required OSPF routing behavior, perform the following:

First, examine which path routers in Area 0 must take to reach the networks in Area 51 and beyond. To do so, issue the following command:

R1#show ip route | begin Gateway
Gateway of last resort is 203.0.113.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 203.0.113.2
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 20.20.20.2, 00:32:49, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/2] via 20.20.20.4, 00:32:39, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/3] via 20.20.20.4, 00:28:24, GigabitEthernet0/1
                 [110/3] via 20.20.20.2, 00:28:23, GigabitEthernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/20] via 20.20.20.4, 00:28:24, GigabitEthernet0/1
                 [110/20] via 20.20.20.2, 00:28:14, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
      8.0.0.0/32 is subnetted, 1 subnets
O        8.8.8.8 [110/4] via 20.20.20.3, 22:41:44, GigabitEthernet0/1
      9.0.0.0/32 is subnetted, 1 subnets
O IA     9.9.9.9 [110/3] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
      10.0.0.0/32 is subnetted, 1 subnets
O IA     10.10.10.10 [110/3] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        20.20.20.0/24 is directly connected, GigabitEthernet0/1
L        20.20.20.1/32 is directly connected, GigabitEthernet0/1
O        20.20.30.0/24 [110/3] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 3 subnets
O E2     172.16.10.0 [110/20] via 20.20.20.4, 00:28:24, GigabitEthernet0/1
                     [110/20] via 20.20.20.2, 00:28:14, GigabitEthernet0/1
O E2     172.16.11.0 [110/20] via 20.20.20.4, 00:28:24, GigabitEthernet0/1
                     [110/20] via 20.20.20.2, 00:28:14, GigabitEthernet0/1
O E2     172.16.12.0 [110/20] via 20.20.20.4, 00:28:24, GigabitEthernet0/1
                     [110/20] via 20.20.20.2, 00:28:14, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/2] via 20.20.20.4, 00:32:39, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/2] via 20.20.20.2, 00:32:49, GigabitEthernet0/1
      192.168.3.0/32 is subnetted, 3 subnets
O IA     192.168.3.3 [110/1] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
O IA     192.168.3.9 [110/2] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
O IA     192.168.3.10 [110/2] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/3] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 20.20.20.3, 22:58:58, GigabitEthernet0/1
O E2  192.168.20.0/24 [110/20] via 20.20.20.4, 00:28:24, GigabitEthernet0/1
                      [110/20] via 20.20.20.2, 00:28:14, GigabitEthernet0/1
      203.0.113.0/24 is variably subnetted, 2 subnets, 2 masks
C        203.0.113.0/30 is directly connected, GigabitEthernet0/0
L        203.0.113.1/32 is directly connected, GigabitEthernet0/0

Notice that for the 5.5.5.5 route in Area 51 that is advertised by both R2 and R4 with equal cost, we see load balancing taking place. For routes beyond R5, such as 6.6.6.6, 192.168.20.0/24, 172.16.10.0/24, 172.16.11.0/24, and 172.16.12.0/24, we also see load balancing. To cause OSPF to reach all of these networks via R4 alone, use the following commands.

R2(config)#interface GigabitEthernet0/2
R2(config-if)#ip ospf cost 100

To verify that this configuration has had the appropriate results, after several seconds, check the routing table on R1 once again:

R1#show ip route | begin Gateway
Gateway of last resort is 203.0.113.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 203.0.113.2
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 20.20.20.2, 00:01:56, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/2] via 20.20.20.4, 00:02:06, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/3] via 20.20.20.4, 00:02:06, GigabitEthernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/20] via 20.20.20.4, 00:01:56, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
      8.0.0.0/32 is subnetted, 1 subnets
O        8.8.8.8 [110/4] via 20.20.20.3, 23:20:58, GigabitEthernet0/1
      9.0.0.0/32 is subnetted, 1 subnets
O IA     9.9.9.9 [110/3] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
      10.0.0.0/32 is subnetted, 1 subnets
O IA     10.10.10.10 [110/3] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        20.20.20.0/24 is directly connected, GigabitEthernet0/1
L        20.20.20.1/32 is directly connected, GigabitEthernet0/1
O        20.20.30.0/24 [110/3] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 3 subnets
O E2     172.16.10.0 [110/20] via 20.20.20.4, 00:01:56, GigabitEthernet0/1
O E2     172.16.11.0 [110/20] via 20.20.20.4, 00:01:56, GigabitEthernet0/1
O E2     172.16.12.0 [110/20] via 20.20.20.4, 00:01:56, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/2] via 20.20.20.4, 00:02:06, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/3] via 20.20.20.4, 00:00:38, GigabitEthernet0/1
      192.168.3.0/32 is subnetted, 3 subnets
O IA     192.168.3.3 [110/1] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
O IA     192.168.3.9 [110/2] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
O IA     192.168.3.10 [110/2] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/3] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 20.20.20.3, 23:38:12, GigabitEthernet0/1
O E2  192.168.20.0/24 [110/20] via 20.20.20.4, 00:01:56, GigabitEthernet0/1
      203.0.113.0/24 is variably subnetted, 2 subnets, 2 masks
C        203.0.113.0/30 is directly connected, GigabitEthernet0/0
L        203.0.113.1/32 is directly connected, GigabitEthernet0/0

Notice that all load balancing has been removed, and all routes in Area 51 and beyond are routed via R4. This includes 5.5.5.5, 6.6.6.6, 192.168.20.0/24, 172.16.10.0/24, 172.16.11.0/24, and 172.16.12.0/24. Notice also that even 192.168.2.0/24 is being routed via R4, even though it is directly connected to R2 in Area 51. All this is due to the change in the cost of interface GigiabitEthernet0/2 on R2.

To verify that R2 will be used in the event that R4 fails, perform the following:

R4(config)#interface GigabitEthernet0/1
R4(config-if)#shutdown

R1#show ip route | begin Gateway
Gateway of last resort is 203.0.113.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 203.0.113.2
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        1.1.1.0/24 is directly connected, Loopback0
L        1.1.1.1/32 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 20.20.20.2, 00:09:17, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/102] via 20.20.20.2, 00:00:34, GigabitEthernet0/1
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/20] via 20.20.20.2, 00:00:33, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
      8.0.0.0/32 is subnetted, 1 subnets
O        8.8.8.8 [110/4] via 20.20.20.3, 23:28:19, GigabitEthernet0/1
      9.0.0.0/32 is subnetted, 1 subnets
O IA     9.9.9.9 [110/3] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
      10.0.0.0/32 is subnetted, 1 subnets
O IA     10.10.10.10 [110/3] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
      20.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        20.20.20.0/24 is directly connected, GigabitEthernet0/1
L        20.20.20.1/32 is directly connected, GigabitEthernet0/1
O        20.20.30.0/24 [110/3] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 1 subnets
O E2     172.16.10.0 [110/20] via 20.20.20.2, 00:00:33, GigabitEthernet0/1
O E2     172.16.11.0 [110/20] via 20.20.20.2, 00:00:33, GigabitEthernet0/1
O E2     172.16.12.0 [110/20] via 20.20.20.2, 00:00:33, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/102] via 20.20.20.2, 00:00:34, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/101] via 20.20.20.2, 00:00:34, GigabitEthernet0/1
      192.168.3.0/32 is subnetted, 3 subnets
O IA     192.168.3.3 [110/1] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
O IA     192.168.3.9 [110/2] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
O IA     192.168.3.10 [110/2] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/3] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 20.20.20.3, 23:45:33, GigabitEthernet0/1
O E2  192.168.20.0/24 [110/20] via 20.20.20.2, 00:00:33, GigabitEthernet0/1
      203.0.113.0/24 is variably subnetted, 2 subnets, 2 masks
C        203.0.113.0/30 is directly connected, GigabitEthernet0/0
L        203.0.113.1/32 is directly connected, GigabitEthernet0/0

Notice that all routes in Area 51 and beyond are now routed via R2. This includes 5.5.5.5, 6.6.6.6, 192.168.20.0/24, 172.16.10.0/24, 172.16.11.0/24, and 172.16.12.0/24. Notice also that even 192.168.1.0/24 is routed via R2, even though it is directly connected to R4 in Area 51. So, all the requirements of routing Area 0 traffic to Area 51 have been fulfilled. Before you continue, make sure to bring the GigabitEthernet0/1 interface of R4 back up.

R4(config)#interface GigabitEthernet0/1
R4(config-if)#no shutdown

Route Area 51 traffic to Area 0

To fulfill the required OSPF routing behavior, perform the following:

First, examine how traffic is being routed from Area 51 to Area 0. To do this, issue the following command:

R5#show ip route | begin Gateway
Gateway of last resort is 192.168.2.2 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 192.168.2.2, 00:00:30, GigabitEthernet0/1
                [110/2] via 192.168.1.4, 00:03:03, GigabitEthernet0/2
      5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback0
      6.0.0.0/32 is subnetted, 1 subnets
S        6.6.6.6 [1/0] via 192.168.20.6
      172.16.0.0/24 is subnetted, 3 subnets
S        172.16.10.0 [1/0] via 192.168.20.6
S        172.16.11.0 [1/0] via 192.168.20.6
S        172.16.12.0 [1/0] via 192.168.20.6
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/2
L        192.168.1.5/32 is directly connected, GigabitEthernet0/2
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, GigabitEthernet0/1
L        192.168.2.5/32 is directly connected, GigabitEthernet0/1
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet0/3
L        192.168.20.5/32 is directly connected, GigabitEthernet0/3

As expected, because this is a Totally NSSA area, only the default route via the ABRs appears as an OSPF route. All traffic is load-balanced across both ABRs. The requirement, however, is that Internet traffic (default gateway traffic) be routed only via R2, while all traffic destined for internal networks be load balanced. In order to achieve this, we must change the stub type in such a way that it allows Type 3 LSAs into Area 51. That way, we can differentiate between how Internet traffic is treated and, we must convert Area 51 from a Totally NSSA to an NSSA area. To do so, issue the following commands:

R4(config)#router ospf 1
R4(config-router)#no area 51 nssa no-summary

R2(config)#router ospf 1
R2(config-router)#no area 51 nssa no-summary

By issuing the above commands, only the “no-summary” portion of the command is removed. The area 51 nssa part of the command remains intact. To confirm this, issue the following commands:

R4#show run | section ospf
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 my_pass
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 my_pass
 ip ospf ttl-security
router ospf 1
 area 51 nssa
 network 4.4.4.4 0.0.0.0 area 0
 network 20.20.20.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 51

R2#do show run | section ospf
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 my_pass
 ip ospf priority 50
 ip ospf authentication key-chain R2
 ip ospf ttl-security
 ip ospf cost 100
router ospf 1
 area 51 nssa
 network 2.2.2.0 0.0.0.255 area 0
 network 20.20.20.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 51

Notice that for both R2 and R4, the area 51 nssa command remains in the OSPF configuration. This command is already configured on R5, so Area 51 has now been converted to an NSSA. Take a look at R5’s routing table to verify the expected routing behavior:

R5#show ip route | begin Gateway
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                 [110/3] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/2] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/3] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                 [110/3] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/2] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback0
      6.0.0.0/32 is subnetted, 1 subnets
S        6.6.6.6 [1/0] via 192.168.20.6
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/4] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                 [110/4] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      8.0.0.0/32 is subnetted, 1 subnets
O IA     8.8.8.8 [110/5] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                 [110/5] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      9.0.0.0/32 is subnetted, 1 subnets
O IA     9.9.9.9 [110/4] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                 [110/4] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      10.0.0.0/32 is subnetted, 1 subnets
O IA     10.10.10.10 [110/4] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                     [110/4] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      20.0.0.0/24 is subnetted, 2 subnets
O IA     20.20.20.0 [110/2] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                    [110/2] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
O IA     20.20.30.0 [110/4] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                    [110/4] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      172.16.0.0/24 is subnetted, 3 subnets
S        172.16.10.0 [1/0] via 192.168.20.6
S        172.16.11.0 [1/0] via 192.168.20.6
S        172.16.12.0 [1/0] via 192.168.20.6
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/2
L        192.168.1.5/32 is directly connected, GigabitEthernet0/2
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, GigabitEthernet0/1
L        192.168.2.5/32 is directly connected, GigabitEthernet0/1
      192.168.3.0/32 is subnetted, 3 subnets
O IA     192.168.3.3 [110/2] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                     [110/2] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
O IA     192.168.3.9 [110/3] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                     [110/3] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
O IA     192.168.3.10 [110/3] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                      [110/3] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
O IA  192.168.5.0/24 [110/4] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                     [110/4] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
O IA  192.168.6.0/24 [110/3] via 192.168.2.2, 00:11:02, GigabitEthernet0/1
                     [110/3] via 192.168.1.4, 00:11:28, GigabitEthernet0/2
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet0/3
L        192.168.20.5/32 is directly connected, GigabitEthernet0/3

You can see that all Inter-Area routes appear in the routing table, and those that have an equal cost are load-balanced across both R2 and R4. There is, however, no default route, which is to be expected for an NSSA area. To fulfill the requirements of the task, perform the following configurations:

R4(config)#router ospf 1
R4(config-router)#area 51 nssa default-information-originate metric 100

R2(config)#router ospf 1
R2(config-router)#area 51 nssa default-information-originate metric 50

The value for the metric can be anything as long as it is smaller for R2 since we want internet traffic (i.e., default traffic) to be routed via R2. To verify the routing behavior on R5, issue the following command:

R5#show ip route | begin Gateway
Gateway of last resort is 192.168.2.2 to network 0.0.0.0

O*N2  0.0.0.0/0 [110/50] via 192.168.2.2, 00:03:13, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                 [110/3] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/2] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/3] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                 [110/3] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/2] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback0
      6.0.0.0/32 is subnetted, 1 subnets
S        6.6.6.6 [1/0] via 192.168.20.6
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/4] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                 [110/4] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      8.0.0.0/32 is subnetted, 1 subnets
O IA     8.8.8.8 [110/5] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                 [110/5] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      9.0.0.0/32 is subnetted, 1 subnets
O IA     9.9.9.9 [110/4] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                 [110/4] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      10.0.0.0/32 is subnetted, 1 subnets
O IA     10.10.10.10 [110/4] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                     [110/4] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      20.0.0.0/24 is subnetted, 2 subnets
O IA     20.20.20.0 [110/2] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                    [110/2] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
O IA     20.20.30.0 [110/4] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                    [110/4] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      172.16.0.0/24 is subnetted, 3 subnets
S        172.16.10.0 [1/0] via 192.168.20.6
S        172.16.11.0 [1/0] via 192.168.20.6
S        172.16.12.0 [1/0] via 192.168.20.6
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/2
L        192.168.1.5/32 is directly connected, GigabitEthernet0/2
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, GigabitEthernet0/1
L        192.168.2.5/32 is directly connected, GigabitEthernet0/1
      192.168.3.0/32 is subnetted, 3 subnets
O IA     192.168.3.3 [110/2] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                     [110/2] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
O IA     192.168.3.9 [110/3] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                     [110/3] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
O IA     192.168.3.10 [110/3] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                      [110/3] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
O IA  192.168.5.0/24 [110/4] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                     [110/4] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
O IA  192.168.6.0/24 [110/3] via 192.168.2.2, 00:21:41, GigabitEthernet0/1
                     [110/3] via 192.168.1.4, 00:22:07, GigabitEthernet0/2
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet0/3
L        192.168.20.5/32 is directly connected, GigabitEthernet0/3

Note that the default route is now via R4, while all other routes to internal destinations are load-balanced across both R2 and R4 if the cost is equal. To verify routing using traceroute, use the following commands:

R5#traceroute 203.0.113.2
Type escape sequence to abort.
Tracing the route to 203.0.113.2
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.2 5 msec 2 msec 3 msec
  2 20.20.20.1 7 msec 3 msec 3 msec
  3 203.0.113.2 4 msec 3 msec 4 msec

R5#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.4 3 msec
    192.168.2.2 2 msec
    192.168.1.4 2 msec
  2 20.20.20.1 3 msec *  8 msec

The above output shows that the traceroute to the 203.0.113.2 (Internet) destination is routed via R2, while the traceroute to an internal destination of 1.1.1.1 is load-balanced across R2 and R4. The task is complete.

LSA and Distribute-List Filtering

In this section, you will configure OSPF to perform the required LSA and distribute-list filtering. To fulfill all of the stated routing requirements, perform the following configurations:

Filter loopback addresses in Area 0

To fulfill the required filtering, perform the following commands:

First, let’s take a look and see what loopbacks from Area 0 appear in the routing table of a router in Area 3. Let’s take a look at the routing table of R9:

R9#show ip route | begin Gateway
Gateway of last resort is 192.168.3.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 192.168.3.3, 1d23h, GigabitEthernet0/1
      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/3] via 192.168.3.3, 1d02h, GigabitEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/3] via 192.168.3.3, 02:40:43, GigabitEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 192.168.3.3, 1d23h, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/3] via 192.168.3.3, 01:30:18, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/4] via 192.168.3.3, 01:25:13, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 192.168.3.3, 1d23h, GigabitEthernet0/1
      8.0.0.0/32 is subnetted, 1 subnets
O IA     8.8.8.8 [110/4] via 192.168.3.3, 1d02h, GigabitEthernet0/1
      9.0.0.0/32 is subnetted, 1 subnets
C        9.9.9.9 is directly connected, Loopback0
      10.0.0.0/32 is subnetted, 1 subnets
O        10.10.10.10 [110/3] via 192.168.3.3, 1d23h, GigabitEthernet0/1
      20.0.0.0/24 is subnetted, 2 subnets
O IA     20.20.20.0 [110/2] via 192.168.3.3, 1d02h, GigabitEthernet0/1
O IA     20.20.30.0 [110/3] via 192.168.3.3, 1d02h, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/3] via 192.168.3.3, 01:30:18, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/4] via 192.168.3.3, 01:25:13, GigabitEthernet0/1
      192.168.3.0/24 is variably subnetted, 4 subnets, 2 masks
C        192.168.3.0/24 is directly connected, GigabitEthernet0/1
O        192.168.3.3/32 [110/1] via 192.168.3.3, 1d23h, GigabitEthernet0/1
L        192.168.3.9/32 is directly connected, GigabitEthernet0/1
O        192.168.3.10/32 [110/2] via 192.168.3.3, 1d23h, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/3] via 192.168.3.3, 1d23h, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 192.168.3.3, 1d23h, GigabitEthernet0/1

Notice that 1.1.1.1, 2.2.2.2, 3.3.3.3, and 4.4.4.4 appear in the routing table as Inter-Area routes. To fulfill the requirements of the task, perform the following commands:

R3(config)#ip prefix-list INTO_Area3 deny 1.1.1.1/32
R3(config)#ip prefix-list INTO_Area3 deny 2.2.2.2/32
R3(config)#ip prefix-list INTO_Area3 deny 3.3.3.3/32
R3(config)#ip prefix-list INTO_Area3 deny 4.4.4.4/32
R3(config)#ip prefix-list INTO_Area3 permit 0.0.0.0/0 le 32
R3(config)#router ospf 1
R3(config-router)#area 3 filter-list prefix INTO_Area3 in

Now, let’s examine the results on the routing table of R9:

R9#show ip route | begin Gateway
Gateway of last resort is 192.168.3.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 192.168.3.3, 1d23h, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
O IA     5.5.5.5 [110/4] via 192.168.3.3, 01:33:16, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/3] via 192.168.3.3, 1d23h, GigabitEthernet0/1
      8.0.0.0/32 is subnetted, 1 subnets
O IA     8.8.8.8 [110/4] via 192.168.3.3, 1d02h, GigabitEthernet0/1
      9.0.0.0/32 is subnetted, 1 subnets
C        9.9.9.9 is directly connected, Loopback0
      10.0.0.0/32 is subnetted, 1 subnets
O        10.10.10.10 [110/3] via 192.168.3.3, 1d23h, GigabitEthernet0/1
      20.0.0.0/24 is subnetted, 2 subnets
O IA     20.20.20.0 [110/2] via 192.168.3.3, 1d02h, GigabitEthernet0/1
O IA     20.20.30.0 [110/3] via 192.168.3.3, 1d02h, GigabitEthernet0/1
O IA  192.168.1.0/24 [110/3] via 192.168.3.3, 01:38:21, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/4] via 192.168.3.3, 01:33:16, GigabitEthernet0/1
      192.168.3.0/24 is variably subnetted, 4 subnets, 2 masks
C        192.168.3.0/24 is directly connected, GigabitEthernet0/1
O        192.168.3.3/32 [110/1] via 192.168.3.3, 1d23h, GigabitEthernet0/1
L        192.168.3.9/32 is directly connected, GigabitEthernet0/1
O        192.168.3.10/32 [110/2] via 192.168.3.3, 1d23h, GigabitEthernet0/1
O IA  192.168.5.0/24 [110/3] via 192.168.3.3, 1d23h, GigabitEthernet0/1
O IA  192.168.6.0/24 [110/2] via 192.168.3.3, 1d23h, GigabitEthernet0/1

Routes to the four loopbacks of the routers in Area 0 have been removed from the routing table. They have been filtered by R3, which is the ABR for Area 3.

Forum Replies

lagapidis says:

Hello Niclas

Thanks for the feedback, we do our best! More labs are on the way, thanks for your suggestions!

Laz
sahakt says:

AMAZING LAB!!! Can we please get more of this? Possibly a mix of everything as well like EIGRP redistributing to OSPF with some BGP DMVPN etc… Fantastic lab!
juddin76 says:

Please establish a typical Enterprise lab that would be very helpful if you describe along with that.
lagapidis says:

Hello Sahakt

Thanks for your feedback! We’re thrilled that you found the lab useful. We are planning on putting together some more labs in the near future, so stay tuned for those! Thanks for your suggestions, we’ll take a look with Rene and see what we can do…

Thanks again!

Laz
lagapidis says:

Hello Mohammad

Thanks for your suggestion, we’ll consider it as we discuss the next labs that we’ll be creating.

Keep labbing!

Laz

6 more replies! Ask a question or join the discussion by visiting our Community Forum

Topology

IPv4

IPv6

Startup Configs

Tasks

Basics

IP Addressing

IPv4 Addressing

IPv6 Addressing

Basic OSPF Configurations

Area 0

Area 2

Area 51

Area 3

Non-Contiguous Area 0

Testing Connectivity of Basic OSPF configuration

Advanced OSPF Configurations

Security and Authentication

Load Balancing and Path Preference

LSA and Distribute-List Filtering

Summarization

Migrating to OSPFv3 for IPv6

Assign the new IPv6 addressing scheme

Enable and configure OSPFv3 in areas 0, 2 and 51

IPv6 default route

OSPFv3 Authentication and encryption

Testing and Verification of IPv6 OSPFv3 Topology

Solution

Basics

Hostnames on devices

IP Addressing

IPv6 addressing

Basic OSPF configurations

Area 0

OSPF configurations

DR/BDR election results

Static default route

Area 2

OSPF configurations

GigabitEthernet0/2 on R7 not to search for OSPF neighbors

Area 51

OSPF configurations

R5 Router ID

Static routing on R5 and R6

Redistributing static and connected routes into OSPF on R5

Area 51 as a Totally NSSA

Area 3

OSPF configurations

Area 3 as a point to multipoint non-broadcast network type

Area 3 as a Stub Area

Non-Contiguous Area 0

OSPF configurations

4.3.5.2 Create a Virtual Link

Testing Connectivity of Basic OSPF Configuration

Pinging the Internet

Pinging the Inter-Area locations

Traceroute between various locations

Advanced OSPF configurations

Security and Authentication

Plain text OSPF neighbor authentication

TTL security check

MD5 and SHA-HMAC OSPF neighbor authentication

Virtual Link Authentication

Load Balancing and Path Preference

Route Area 0 traffic to Area 51 via R2

Route Area 51 traffic to Area 0

LSA and Distribute-List Filtering

Filter loopback addresses in Area 0

We're Sorry, Full Content Access is for Members Only...

Forum Replies